CVE-2018-20838

NONE EPSS 60.8%
Published May 13, 20197y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published May 13, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.

Threat Intelligence

EPSS Exploit Probability
60.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
magazine3amp_for_wp* <0.9.97.21

References 4

  • ampforwp.com https://ampforwp.com/critical-security-issues-has-been-fixed-in-0-9-97-20-version/
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/changelog.txt
    Release NotesThird Party Advisory
  • wordpress.org https://wordpress.org/plugins/accelerated-mobile-pages/#developers
    Release NotesThird Party Advisory
  • wordfence.com https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.